how to secure dns zone edit on dedicated server

[bejbi]

Hi,

I have problem:

I have three servers (dedicated for some companies)
I have shared hosting on others several servers
I have three own dns servers

My shared hosting servers are in dns-cluster with my dns servers
Also the dedicated servers are in dns-cluster with the same dns serves.

Problem is, that the dedicated server's customer should have root access on own server.
But when he is logged as root on WHM he can EDIT all dns zones on all my servers (shared and other dedicated). I don't know how to resolve this security problem. Root access is needed for customer, and offering dedicated server I must to give him my dns serves for use ...

So I can't see any solution, to resolve this security problem ... ?

Thanks for help.

Wojtek

[Miraenda]

Why must you give him your DNS to use if he has a dedicated server? He can create his own privately registered DNS nameservers. I would not cluster his machine to your nameservers in this instance at all. Instead, just put a DNS zone for his domain onto your nameservers initially so his machine will work but without clustering his machine to yours, then tell him to use his domain to privately register DNS nameservers at his domain registrar (if you registered the domain for him, setup his private nameservers for him there to point to his dedicated machine's IPs).

It is never a good idea to give a dedicated machine clustering access to your nameservers. They are best served creating their own private nameservers. This way, they can run BIND on their own dedicated machine and control their own zones (and you don't have to process their zones on your cluster).